{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T18:01:13Z","timestamp":1754157673662,"version":"3.41.2"},"reference-count":27,"publisher":"Emerald","issue":"2","license":[{"start":{"date-parts":[[2011,6,7]],"date-time":"2011-06-07T00:00:00Z","timestamp":1307404800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011,6,7]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-heading\">Purpose<\/jats:title><jats:p>The purpose of this paper is to describe the controlled information security project which is designed to investigate, assess and provide tools to improve the information security status in organizations with a focus on public agencies. A central question for the project is how information security issues are communicated within organizations, specifically underlining that communication is control in a cybernetic sense.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title><jats:p>The research method applied can be expressed as applied general systems theory combined with design science. The project is carried out in a number of steps: to design modelling techniques and metrics for information security issues in organizations; to collect data from Swedish governmental agencies; to use the modelling techniques to model communication of information security in organizations from different perspectives; to apply metrics on the data in order to assess information security levels in the agencies; to identify gaps; and to identify needs for improvement.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Findings<\/jats:title><jats:p>The motivation for the research is that communication of information security issues within organizations tend to be insufficient and the mental connections between IT\u2010security and information security work are weak, which prohibits the organization from learning and adapting in its security work. An entity's authority depends on its ability to control and manage the variety in the 14 layers. The general control objectives needed were implied based on the information security management standard.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title><jats:p>The paper focuses on mind to mind communication conditions and how to adapt mechanistic systems.<\/jats:p><\/jats:sec>","DOI":"10.1108\/09685221111143060","type":"journal-article","created":{"date-parts":[[2011,7,25]],"date-time":"2011-07-25T11:32:54Z","timestamp":1311593574000},"page":"124-133","source":"Crossref","is-referenced-by-count":15,"title":["The 14\u2010layered framework for including social and organizational aspects in security management"],"prefix":"10.1108","volume":"19","author":[{"given":"Yvgne","family":"Monfelt","sequence":"first","affiliation":[]},{"given":"Sofie","family":"Pilemalm","sequence":"additional","affiliation":[]},{"given":"Jonas","family":"Hallberg","sequence":"additional","affiliation":[]},{"given":"Louise","family":"Yngstr\u00f6m","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2022031720311972000_b1","doi-asserted-by":"crossref","unstructured":"Ackoff, R. (1976), Designing a National Scientific and Technological Communication System, University of Pennsylvania Press, Philadelphia, PA.","DOI":"10.9783\/9781512800234"},{"key":"key2022031720311972000_b2","unstructured":"Ashby, R. (1963), Introduction to Cybernetics, Wiley, New York, NY."},{"key":"key2022031720311972000_b3","unstructured":"Avizienis, A., Laprie, J. and Randell, B. (2001), \u201cFundamental concepts of dependability\u201d, Research Report No 1145, LAAS\u2010CNRS, Toulouse."},{"key":"key2022031720311972000_b4","unstructured":"Beer, S. (1964), Cybernetics and Management, Science Edition, Wiley, New York, NY."},{"key":"key2022031720311972000_b5","unstructured":"Beer, S. (1979), The Heart of the Enterprise, Wiley, New York, NY."},{"key":"key2022031720311972000_b6","unstructured":"Beer, S. (1981), Brain of the Firm, Wiley, New York, NY."},{"key":"key2022031720311972000_b7","unstructured":"Boulding, K. (1964), \u201cGeneral systems as a point of view\u201d, in Mesarovic, M.D. (Ed.), Views on General Systems Theory, Wiley, New York, NY."},{"key":"key2022031720311972000_b9","unstructured":"Checkland, P.B. (1988), \u201cImages of systems and the systems image\u201d, Journal of Applied Systems Analysis, Vol. 15, pp. 37\u201042."},{"key":"key2022031720311972000_b8","unstructured":"Common Criteria (2009), Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and General Information, 3 ed., ISO, Geneva, International Standards Office 2003, ISO\/IEC 15408, available at: www.commoncriteriaportal.org\/files\/ccfiles\/CCPART1V3.1R3.pdf (accessed May 24, 2011)."},{"key":"key2022031720311972000_b10","unstructured":"de Rosnay, J. (1979), The Macroscope: A New World Scientific System, Harper & Row, New York, NY."},{"key":"key2022031720311972000_b11","unstructured":"Falkenberg, E.D., Hesse, W., Lindgreen, P., Nilsson, B.E., Han Oei, J.L., Rolland, C., Stamper, R.K., van Assche, F.J.M., Verrijn\u2010Stuart, A.A. and Voss, K. (1998), A Framework of Information System Concepts: The FRISCO Report, International Federation for Information Processing, Leiden."},{"key":"key2022031720311972000_b12","unstructured":"Flood, R. (1999), Rethinking the Fifth Discipline: Learning within the Unknowable, Routledge, London."},{"key":"key2022031720311972000_b13","doi-asserted-by":"crossref","unstructured":"Hevner, A., March, S., Park, J. and Ram, S. (2004), \u201cDesign science in information systems research\u201d, MIS Quarterly, Vol. 28 No. 1, pp. 75\u2010105.","DOI":"10.2307\/25148625"},{"key":"key2022031720311972000_b15","unstructured":"ISO (1998), ISO\/IEC 7498\u20101, Information Technology \u2013 Open Systems Interconnection \u2013 Basic Reference Model: The Basic Model, International Standards Office, Geneva."},{"key":"key2022031720311972000_b14","unstructured":"ISO (2005), ISO\/IEC 27001:2005, Information Technology \u2013 Security Techniques \u2013 Information Security Management Systems \u2013 Requirements, International Standards Office, Geneva."},{"key":"key2022031720311972000_b16","unstructured":"Kowalski, S. (1994), \u201cIT Insecurity: a multi\u2010disciplinary inquiry\u201d, doctoral thesis SU\/KTH Report Series No. 94\u2010004, Department of Computer and Systems Sciences, University of Stockholm, Stockholm."},{"key":"key2022031720311972000_b17","unstructured":"Langefors, B. (1968), Introduktion till informationsbehandling, Berlingska Boktryckeriet, Lund."},{"key":"key2022031720311972000_b18","unstructured":"Miller, J. (1978), Living Systems, McGraw\u2010Hill, New York, NY."},{"key":"key2022031720311972000_b19","unstructured":"Oxford University Press (2004), Concise Oxford English Dictionary, 11th ed., Oxford University Press, Oxford."},{"key":"key2022031720311972000_b20","unstructured":"Shostack, A. and Stewart, A. (2008), The New School of Information Security, 1st ed., Addison\u2010Wesley Professional, Boston, MA."},{"key":"key2022031720311972000_b21","unstructured":"SIS (2003), SIS HB 550: Terminologi f\u00f6r informationss\u00e4kerhet, utg\u00e5va 3, SIS F\u00f6rlag, Stockholm."},{"key":"key2022031720311972000_b22","unstructured":"Swedish National Audit Office (2007), \u201cRegeringens styrning av informationss\u00e4kerhetsarbetet i den statliga f\u00f6rvaltningen\u201d, RiR 2007:10."},{"key":"key2022031720311972000_b25","unstructured":"van Gigch, J. (1978), Applied General Systems Theory, Harper & Row, New York, NY."},{"key":"key2022031720311972000_b26","unstructured":"von Bertalanffy, L. (1956), \u201cMain currents in modern thoughts\u201d, Yearbook of the Society for General Systems Research, Vol. 1."},{"key":"key2022031720311972000_b27","unstructured":"Wiener, N. (1948), Cybernetics or Control and Communication in the Animal and Machine, Wiley, New York, NY."},{"key":"key2022031720311972000_b24","unstructured":"Yngstr\u00f6m, L., Hallberg, J., Pilemalm, S., Lundholm, K., Monfelt, Y. and Davidson, A. (2009a), \u201cCOINS Report # 1 enclosures; modelling the communication of information security issues\u201d, DSV Report Series No. 09\u2010008B, Stockholms Universitet, Stockholm."},{"key":"key2022031720311972000_b23","unstructured":"Yngstr\u00f6m, L., Hallberg, J., Pilemalm, S., Lundholm, K., Monfelt, Y. and Davidson, A. (2009b), \u201cCOINS Report # 1 modelling the communication of information security issues\u201d, DSV Report Series No. 09\u2010008A, Stockholms Universitet, Stockholm."}],"container-title":["Information Management &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/09685221111143060","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685221111143060\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685221111143060\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T00:09:21Z","timestamp":1753402161000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/19\/2\/124-133\/178437"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,6,7]]},"references-count":27,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2011,6,7]]}},"alternative-id":["10.1108\/09685221111143060"],"URL":"https:\/\/doi.org\/10.1108\/09685221111143060","relation":{},"ISSN":["0968-5227"],"issn-type":[{"type":"print","value":"0968-5227"}],"subject":[],"published":{"date-parts":[[2011,6,7]]}}}